ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 8.141.123.117:50001.

Database Entry


IOC ID:1845974
IOC: 8.141.123.117:50001
IOC Type :ip:port
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS37963 ALIBABA-CN-NET
Country:- CN
First seen:2026-07-07 08:21:12 UTC
Last seen:never
UUID:75f89d5c-79db-11f1-97fa-42010aa4000a
Reporter navneeet
Reward 10 credits from anonymous
Tags:c2 CobaltStrike

Avatar
navneeet
Live Cobalt Strike Team Server identified. The server presents the default self-signed certificate with the default distinguished name (O=cobaltstrike, CN=Major Cobalt Strike), serial number 7529EE2F, and SHA-1 fingerprint F507F103395AA95C7452262D37F124BСВЗЕС9ЕВ0. The certificate is valid until 2026-07-13 and was retrieved in read-only mode. The host currently has limited detection on VirusTotal (2/1) and is not listed in ThreatFox. It is hosted on Alibaba Cloud (AS37963) in China.

Hunted via automated infrastructure fingerprinting using Claude Code-assisted workflows.